Monday, June 28, 2010

You're the meat in their salami sandwich

Mrs. Guambat rails at Guambat for failing to pay close attention to things like prices the grocery clerk rings up, restaurant bills, department store dockets and, especially, credit card statements. Guambat gives it a quick once over, if he can see the small print at all, and if ballpark right, it's good enough for him.

If Guambat sees an item like a charge on his credit card bill for, say, $3.50 that he didn't remember charging (and he never charges that small an amount anyway), he'd be miffed but not bothered to do anything about it because of all the time and aggravation it would cost -- an expense well in excess of the cost of a small error.

This could easily mark Guambat for a slice of salami, and you, too, if you're at all like Guambat in this particular habit.

A what, you ask?

Glad you asked, because the story of this post reminded Guambat of a term he had heard years ago and had begun to think he had mistakenly made it up because he hadn't heard it since.

FTC says scammers stole millions, using virtual companies
The U.S. Federal Trade Commission has disrupted a long-running online scam that allowed offshore fraudsters to steal millions of dollars from U.S. consumers -- often by taking just pennies at a time.

"It was a very patient scam," said Steve Wernikoff, a staff attorney with the FTC who is prosecuting the case. "The people who are behind this are very meticulous."

According to him, the scammers found loopholes in the credit card processing system that allowed them to set up fake U.S. companies that then ran more than a million phony credit card transactions through legitimate credit card processing companies.

The scammers stayed under the radar by charging very small amounts -- typically between $0.25 and $9 per card -- and by setting up more than 100 bogus companies to process the transactions. Typically they floated just one charge per card number, billing on behalf of made-up business names such as Adele Services or Bartelca LLC.

U.S. consumers footed most of the bill for the scam because, amazingly, about 94 percent of all charges went uncontested by the victims. According to the FTC, the fraudsters charged 1.35 million credit cards a total of $9.5 million, but only 78,724 of these fake charges were ever noticed.

In March Alexsandr Bernik of Roseville, California, was sentenced to 70 months in prison for running a similar scam. He put tens of thousands of charges on Amex accounts, each ranging from $9 to $15. Neither federal authorities nor American Express would explain how Bernik obtained his card numbers.

Bernik made his charges on behalf of a fictional corporation called Lexbay Ltd., but in the FTC case, the scammers would mimic legitimate companies -- taking real federal tax I.D. numbers and then setting up fake businesses with nearly identical names that appeared to be located nearby. In a move that apparently tricked credit card processors into granting it a merchant account, Adele Services, for example, was set up to mimic a legitimate Bronx, New York group called Adele Organization.

When the scammers tried to register merchant accounts with credit card processors, the processors would do some investigating, but using tricks like these, the scammers were always one step ahead.

In fact, the FTC's description of their operation reads like a textbook on how to set up a fake virtual corporation in the Internet age.

OK, so what does this have to do with salami?

Well, the phrase Guambat recalled was "salami slicing". Reading this story reminded him of it, so being at the computer anyway, looked for "salami slicing in Wikipedia. Sure enough, there it was:
Salami slicing is a series of many minor actions, often performed by clandestine means, that together results in a larger action that would be difficult or illegal to perform at once. The term is typically used pejoratively.

An example of salami slicing, also known as penny shaving, is the fraudulent practice of stealing money repeatedly in extremely small quantities, usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. It would be done by always rounding down, and putting the fractions of a cent into another account. The idea is to make the change small enough that any single transaction will go undetected.

In information security, a salami attack is a series of minor attacks that together results in a larger attack. Computers are ideally suited to automating this type of attack.

In politics, the term salami tactics has been used since the 1940s to refer to a divide and conquer process of threats and alliances used to overcome opposition.

In academium, salami slicing refers to the practice of creating several publications out of material that could have been published in a single journal or review.

In 2008 a man was arrested for fraudulently creating 58,000 accounts which he used to collect money through verification deposits from online brokerage firms a few cents at a time. While opening the accounts and retaining the funds may not have been illegal by themselves, the authorities charged that the individual opened the accounts using false names (including those of cartoon characters), addresses and social security numbers, thus violating the laws against mail, wire and bank fraud.

In Los Angeles in October 1998, the district attorneys charged four men with fraud for allegedly installing computer chips in gasoline pumps that cheated consumers by overstating the amounts pumped.

In January 1993, four executives of a rental-car franchise in Florida were charged with defrauding at least 47,000 customers using a salami technique.

Historically, actual physical "penny shaving" may be considered a form of salami slicing. The edges of coins made of precious metals have been clipped or shaved by individuals in order to procure small quantities of said metals at a time with the intention that the coin would still retain its nominal value.

Salami slicing has played a key role in the plots of several films. The earliest mention of this practice was in the UK TV series The Sweeney, a 1976 episode called "Tomorrow Man", of a man rounding up percentage points and putting the difference in his own account (totaling two million dollars), using a computer. Other films include Superman III, Hackers, Entrapment, Web of Lies, and Office Space (one of whose characters mentions Superman III as inspiration). In Office Space, Peter Gibbons, Michael Bolton, and Samir Nagheenanajar decide to divert the supposedly "rounded-off" portions of banking interest deposits after Michael and Samir learn that they will be laid off. However, they end up taking much more than the fractions of a cent because of a misplaced decimal point. In reality, currency banking transactions are usually conducted using integer-only functions; no real rounding occurs on the books (as all operands are stored and manipulated as groups of integers, with the decimal point calculated at the end of the transaction and stored as a separate piece of data), precluding this particular scenario.

In a 1972 episode of the TV series M*A*S*H, Radar attempts to ship an entire Jeep home from Korea one piece at a time. Hawkeye commented that his mailman "would have a retroactive hernia" if he found out.

In the anime series, Ghost in the Shell: S.A.C. 2nd GIG, terrorist Hideo Kuze uses salami slicing in order to finance his actions, eventually stealing enough money to buy plutonium from a Russian smuggler.

The term is used in the country song "The Ballad of Silicon Slim". A non-digital variant of the practice is described in the 1976 Johnny Cash song, "One Piece At A Time", in which the protagonist, an automobile factory worker, steals individual parts to build a complete car over a period of decades.

An example of salami slicing also appears in a volume of Harry Harrison's Stainless Steel Rat series. The revolutionaries in Robert A. Heinlein's The Moon Is a Harsh Mistress use the technique to fund their war for independence. Thomas Whiteside's 1978 book, Computer Capers, documents how a programmer at a mail-order company diverted money from rounded-down sales commissions into a phony account for three years before he was caught.

There's references, footnotes and more info in the Wikipedia article.

So now, aren't you glad you asked?

Hello? Hello?



Post a Comment

Links to this post:

Create a Link

<< Home